Page Comparison

Versions Compared

Key

This line was added.
This line was removed.
Formatting was changed.

...

Status
colour Red
title Security
Stabilized and cleaned up the security-related LDAP injection prevention that was introduced in 5.0.0 and patched in 5.0.2. Re-wrote the escaping logic which still had some known issues after the patch, and have now followed escaping rules according to RFCs https://www.rfc-editor.org/rfc/rfc4515.txt and http://www.ietf.org/rfc/rfc2253.txt.

Changes in 5.9.1

14 Jul 2022 15:30 CET

Security update and OIDC+SAML bug fixes

Security patches

Status
colour Red
title Security
Update org.eclipse.jetty to patch CVE-2022-2047

Bug fixes

Status
colour Yellow
title oidc
Obfuscate client secret text that was visible upon inspect element on /idp-integration page.
Status
colour Green
title saml
IDP metadata URL wasn’t always properly persisted after setup wizard.